Wed.Sep 21, 2022

article thumbnail

Automatic Cheating Detection in Human Racing

Schneier on Security

This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen—a wide receiver for the Philadelphia Eagles—was disqualified from the 110-meter hurdles at the World Athletics Championships a few weeks ago for a false start.

234
234
article thumbnail

SHARED INTEL: Poll highlights the urgency to balance digital resiliency, cybersecurity

The Last Watchdog

The pace and extent of digital transformation that global enterprise organizations have undergone cannot be overstated. Related: The criticality of ‘attack surface management’ Massive global macro-economic shifts have fundamentally changed the way companies operate. Remote work already had an impact on IT strategy and the shift to cloud, including hybrid cloud , well before the onset of Covid 19.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Uber exposes Lapsus$ extortion group for security breach

Tech Republic Security

In last week’s security breach against Uber, the attackers downloaded internal messages from Slack as well as information from a tool used to manage invoices. The post Uber exposes Lapsus$ extortion group for security breach appeared first on TechRepublic.

article thumbnail

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The Last Watchdog

Cybersecurity is a top concern for individuals and businesses in the increasingly digital world. Billion-dollar corporations, small mom-and-pop shops and average consumers could fall victim to a cyberattack. Related: Utilizing humans as security sensors. Phishing is one of the most common social engineering tactics cybercriminals use to target their victims.

Phishing 174
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Energy bill rebate scams spread via SMS and email

Graham Cluley

The UK’s National Cyber Security Centre (NCSC) has warned that fraudsters are sending out emails and SMS texts urging homeowners to sign up for a discount on their energy bills.

Scams 143
article thumbnail

Data Security Training Needs an Update

CyberSecurity Insiders

By Robert Fleming, Chief Marketing Officer at Zivver. Employees are constantly overloaded with the ‘we need to be more secure’ mantra from their employers but, as found in our recent report, out of the 67% of employees who had security training in the last two years, only 36% applied these tips and techniques to their core role. This means one thing: security training alone isn’t getting the job done.

More Trending

article thumbnail

Data security laxity makes Morgan Stanley pay $35 million SEC Penalty

CyberSecurity Insiders

Morgan Stanley, the world-renowned American firm that is into the business of financial investment, was slapped with a fine of $35 million by US SEC. And sources report that the penalty was pronounced by the US Securities and Exchange Commission for showing laxity in dealing with customer data. Going deep into the details, it’s learned that the company disposed of some of the company servers and Hard Disk Drives (HDDS) operated in its server farms last year.

article thumbnail

Vulnerability Intelligence Roundup: Five RCE Vulnerabilities to Prioritize in September

Digital Shadows

If you have ever watched a movie or television show that depicted hacking, you have probably heard the phrase, “I’m. The post Vulnerability Intelligence Roundup: Five RCE Vulnerabilities to Prioritize in September first appeared on Digital Shadows.

Hacking 122
article thumbnail

Malware related news headlines trending on Google

CyberSecurity Insiders

First is the news about Hive Ransomware targeting the New York Racing Association (NYRA) on 30th of June this year that resulted in disruption of IT services, including the website. Interestingly, the accessed records by the threat actors include health info, health insurance records, Social Security Numbers, and Driving License numbers of customers.

Malware 121
article thumbnail

Quick Heal Supports Windows 11 version 22H2

Quick Heal Antivirus

Microsoft has recently come up with a new update called Windows 11 22H2. The below article highlights. The post Quick Heal Supports Windows 11 version 22H2 appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Antivirus 119
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Top 5 attack surface challenges related to security operations

CSO Magazine

According to newly published ESG research , just over half of all organizations (52%) say that security operations are more difficult today than they were two years ago. When asked why, 41% pointed to an evolving and dangerous threat landscape, 38% identified a growing and changing attack surface, 37% said that alert volume and complexity are driving this change, and 34% blamed growing use of public cloud computing services.

article thumbnail

Fake Zoom Sites Deploying Vidar Malware

Heimadal Security

Cyble Research and Intelligence Labs (CRIL) discovered multiple fake Zoom sites created to spread malware among Zoom users. The sites were created with a similar user interface and disguised the malware as Zoom’s legitime application. The whole discovery was triggered by a tweet mentioning the apparition of those sites: Malware @Zoom downloads ?? /zoom-download.host /zoom-download.space […].

Malware 111
article thumbnail

Threat Group TeamTNT Returns with New Cloud Attacks

eSecurity Planet

A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar to those performed by TeamTNT, a threat actor specializing in cloud platforms and online instances such as Kubernetes clusters, Redis servers, and Docker APIs.

article thumbnail

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

Dark Reading

It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services.

Passwords 116
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

What we’re reading this month: September 2022

Digital Shadows

In this months episode of the what we’re reading series, we deep dive into an investigation into Russia’s military intelligence. The post What we’re reading this month: September 2022 first appeared on Digital Shadows.

article thumbnail

Heimdal® Named Expert Insights Fall 2022 “Best-Of” Winner in Four Categories

Heimadal Security

Copenhagen, September 20th, 2022 – Heimdal® has been named one of the Best-Of award winners by Expert Insights for our cybersecurity solutions. The awards recognize the most innovative and effective solutions that provide powerful benefits to their users, across multiple B2B cloud software categories. Heimdal has been awarded a Fall 2022 Expert Insights “Best-Of” award in four […].

B2B 100
article thumbnail

5 things to teach your kids about social media

Malwarebytes

With children now back at school, it’s time to think about social media, and their use of it. Are they already firing out tweets, chatting in Discord channels, or even just looking to set up a Tik-Tok account? Now is the time to consider giving your kids some security and privacy tips for all their social media needs. 1. Get to grips with default settings.

Media 98
article thumbnail

How to Create a Successful Cybersecurity Strategy

Heimadal Security

Ever wondered what are the main elements of an effective cybersecurity strategy? In today’s article, I’m going to describe all the aspects that I consider mandatory in order to stay one step (or more) ahead of cybercriminals in an ever-evolving cyberthreat landscape. What Is a Cybersecurity Strategy? A cybersecurity strategy is an organizational plan designed […].

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Survey Reveals the Severity of Cloud Security Challenge

Security Boulevard

A full 80% of 400 cloud engineering and security practitioners and leaders surveyed by market research firm Propeller Insights on behalf of Snyk experienced at least one major cloud security incident in the past year. The most common experiences were misconfigurations (34%) followed closely by an actual data breach (33%), an intrusion (27%) and a. The post Survey Reveals the Severity of Cloud Security Challenge appeared first on Security Boulevard.

article thumbnail

Scammers send fake 'Energy Bills Support Scheme' texts

Malwarebytes

Watch out for an energy-themed scam being sent out via SMS. The message plays on energy price fears, similar to what we’ve seen previously. Scam alert. I just received this text. Click through and it looks very official. It’s a scam. The £400 energy bill discount is automatic, you don’t need to register or share any details with anyone.

Scams 98
article thumbnail

Details of Juice Jacking and USB Condom

CyberSecurity Insiders

Juice Jacking, the term is currently trending on Google because the said cyber threat is on the rise from the past few months. Technically speaking, Juice Jacking is an exploited USB port that can pass on malware and sniff data from a victimized device. This usually occurs when innocent device users unaware of the security threat charge their mobile phones in a public charging station, such as transit points like airports, shopping malls, and other points.

article thumbnail

5 Ways Identity Verification can help Airlines to ensure seamless operation and digital transformation

Security Boulevard

Why do we need Digital Identity Verification? Digitalization is not a new term anymore, and it’s surely never going to fade away as it has etched its space in every sector. The optimistic business transformation it brought compelled almost everyone to incorporate digitalization processes into their business operation. Every industry realized that to proceed with […].

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Vulnerable children's identities used in tax fraud scheme

Malwarebytes

The United States Attorney for the Southern District of New York has sentenced Ariel "Melo" Jimenez (38) to 12 years in prison for leading a "tax fraud and identity theft conspiracy" that resulted in the fraudulent claiming of tax credits, earning him millions of dollars. "Ariel Jimenez was the leader of a long-running fraudulent tax business that cheated the Government of tax refunds by stealing the identities of vulnerable children and using those identities to falsely claim tax credits on beh

article thumbnail

HIVE Ransomware Claims Responsibility for NYRA Attack

Heimadal Security

The New York Racing Association disclosed that, on June 30th, a cyberattack impacted IT operations, website availability, and compromised member data. NYRA is operating the three largest thoroughbred horse racing tracks in New York, namely the Aqueduct Racetrack, the Belmont Park, and the Saratoga Race Course. The Hive ransomware group, which was recently responsible for […].

article thumbnail

How You Can Manage and Eliminate Technical Debt

Security Boulevard

What do out-of-date third party components, a product backlog, and a rushed software launch all have in common? . The post How You Can Manage and Eliminate Technical Debt appeared first on Security Boulevard.

article thumbnail

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Trend Micro

Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

2K Games’ Help Deck Platform Hacked

Heimadal Security

American video game publishing house 2K Games confirms that they have been the victims of a cyberattack. The hackers targeted 2K’s help desk platform and used it to reach customers with fake support tickets, pushing malware through embedded links. 2K’s support account took to Twitter to address the ongoing situation after BleepingComputer broke the story […].

Hacking 88
article thumbnail

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet

The Hacker News

An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It's not immediately known if all of these hosts were successfully compromised.

article thumbnail

Tax refund phish logs keystrokes to swipe personal details

Malwarebytes

There’s been some smart phishing campaigns running over the last few weeks, and this one is particularly sneaky. Bleeping Computer reports that a phishing page is targeting Greek taxpayers with a tax refund scam. The added sting in the tail comes in the form of an embedded keylogger which grabs everything entered onto the page. An untimely tax refund.

article thumbnail

Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing

The Hacker News

Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests on June 27, 2022. The "strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peaked at 3.9 million requests per second (RPS).

DDOS 97
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.